Skip to main content
Control Plane supports multiple authentication methods depending on how you access the platform.

Console UI

The Console uses single sign-on (SSO) for user authentication with the following providers:

Google

GitHub

Microsoft

SAML

After successful authentication, users’ access privileges are determined based on their assigned group membership or policy.
To enable SAML authentication for your organization, contact us on Slack or at [email protected].Values required from your authentication provider:
  • Entity ID
  • SSO URL
  • Certificate
Control Plane SAML configuration values:
  • Service Provider Entity ID: cpln.io
  • Assertion Consumer Service (ACS) / Callback URL: https://console.cpln.io/__/auth/handler

CLI

The CLI supports two authentication methods:
For interactive use, run the login command which opens your browser for SSO authentication:
cpln login
This creates a default profile with your credentials.

CLI Authentication Guide

Complete guide for CLI authentication including browser-less setup for CI/CD

Terraform

Configure the provider with your organization and authentication credentials: 
provider "cpln" {
  org   = "your-org-name"
  token = var.cpln_token  # Service account token
}
Or use environment variables: 
export CPLN_ORG=your-org-name
export CPLN_TOKEN=your-service-account-token

Terraform Provider

Complete Terraform provider setup and configuration

Pulumi

Configure authentication using Pulumi config or environment variables: 
pulumi config set cpln:org your-org-name
pulumi config set --secret cpln:token your-service-account-token

Pulumi Provider

Complete Pulumi provider setup and configuration

REST API

Authenticate API requests using a bearer token in the Authorization header: 
curl --request GET \
  --url https://api.cpln.io/org/your-org/gvc \
  --header 'Authorization: Bearer YOUR_TOKEN'
Tokens can be obtained from:
  • Service account key: Generated when creating a service account
  • User access token: Run cpln profile token PROFILE_NAME

API Reference

Complete API documentation with interactive examples

Service Accounts

For programmatic access (CI/CD, automation, IaC), create a service account and generate a key:
1

Create a service account

In the Console, navigate to Service Accounts and click New, or use the CLI:
cpln serviceaccount create --name my-service-account --org my-org
2

Generate a key

cpln serviceaccount add-key my-service-account --org my-org
The key is displayed only once. Save it immediately in a secure location.
3

Grant permissions

Add the service account to a group or create a policy granting it the necessary permissions.
4

Use the token

Use the generated key as your token in the CLI, Terraform, Pulumi, or API requests.

Create a Service Account

Step-by-step guide for creating and configuring service accounts